Secure end-to-end transport through intermediary nodes
Abstract
A communication network encrypts a first portion of a transaction associated with point-to-point communications using a point-to-point encryption key. A second portion of the transaction associated with end-to-end communications is encrypted using an end-to-end encryption key.
32 Claims
1. A method for independently encrypting channels of data in a transaction, comprising:
encryption of a first data channel in the transaction using a first security association; encryption of a second data channel in the transaction using a second security association; encryption of an arbitrary number of additional data channels contained within the transaction using a unique security association for each channel, wherein the first data channel consists of point-to-point control data and the second data channel consists of end-to-end content data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A computing device, comprising:
a processor transmitting or receiving a transaction having a first portion of data encrypted using a first security association and a second portion of data encrypted using a second security association, wherein the first portion of data comprises control information used for transporting the transaction over a network and the second portion of data comprises contents of a file, document, message, or document request.
Dependent claims: 11, 12, 13, 14, 15
16. A system, comprising:
a server receiving a transaction containing a first portion of data encrypted using a first known encryption key and a second portion of data encrypted using a second unknown encryption key, the server decrypting the first portion of data to determine how to process the transaction while the second portion of data remains encrypted, wherein the transaction includes a third unencrypted portion of data, the server combining the decrypted first portion of data with the third unencrypted portion of data and processing the transaction according to the combined first and third portions of data.
Dependent claims: 17, 18
19. A method for encrypting information, comprising:
programming a network processing device to associate different types of items in transactions with different security associations; processing various different transactions at the network processing device; correlating security associations with different data channels in the transactions; encrypting or decrypting the items in the transactions according to the corresponding security associations; configuring the network processing device with different security associations containing encryption keys, the security associations correlated with at least some of the data channels; decrypting only the items from the data channels having corresponding known security associations with configured encryption keys, while keeping the channels without known security associations encrypted; processing the transactions according to the decrypted items; re-encrypting only the items in the processed transactions having corresponding security associations while preserving unmodified the data channels without known security associations; and transporting the transactions containing re-encrypted and/or unmodified data channels to an endpoint.
Dependent claims: 20, 21, 22
23. A method for independently encrypting channels of data in a transaction, comprising:
encryption of a first data channel in the transaction using a first security association; encryption of a second data channel in the transaction using a second security association; encryption of an arbitrary number of additional data channels contained within the transaction using a unique security association for each channel; negotiation of a first encryption key and security association for the first data channel between a mobile device and a server operating as a transfer agent for the transaction; negotiation of a second encryption key and security association for the second data channel between a mobile device and a computer operating as an endpoint for the transaction; and negotiation of a third encryption key and security association for the first data channel between the server and an endpoint.
24. A method for independently encrypting channels of data in a transaction, comprising:
encryption of a first data channel in the transaction using a first security association; encryption of a second data channel in the transaction using a second security association; encryption of an arbitrary number of additional data channels contained within the transaction using a unique security association for each channel; and leaving a third data channel in the transaction unencrypted.
25. A method for independently encrypting channels of data in a transaction, comprising:
encryption of a first data channel in the transaction using a first security association; encryption of a second data channel in the transaction using a second security association; encryption of an arbitrary number of additional data channels contained within the transaction using a unique security association for each channel; assigning each item in the transaction to one of the data channels; separating different items in the transaction according to the assigned data channel; encoding the separated items into data groups; encrypting some or all of the data groups using the security associations assigned to the data channel corresponding to each data group; and encoding the processed data groups into one or more packets.
26. A method for independently encrypting channels of data in a transaction, comprising:
encryption of a first data channel in the transaction using a first security association; encryption of a second data channel in the transaction using a second security association; encryption of an arbitrary number of additional data channels contained within the transaction using a unique security association for each channel; encoding a first set of packets containing only the data encrypted using the first security association; encoding a second set of packets containing only the data encrypted using the second security association; encoding a packet header that contains unencrypted data, the packet header identifying a data size for the first set of packets and the second set of packets; and transporting the first set of packets and then transporting the second set of packets immediately after the first set of packets.
27. A computing device, comprising:
a processor transmitting or receiving a transaction having a first portion of data encrypted using a first security association and a second portion of data encrypted using a second security association, wherein the processor separates data items in the transaction into different data channels, and separately encodes and encrypts the different data channels according to the corresponding security associations.
28. A computing device, comprising:
a processor transmitting or receiving a transaction having a first portion of data encrypted using a first security association and a second portion of data encrypted using a second security association, wherein the processor encodes the transaction into multiple packets, each one of the packets containing data encrypted using the same encryption key.
29. A computing device, comprising:
a processor transmitting or receiving a transaction having a first portion of data encrypted using a first security association and a second portion of data encrypted using a second security association, wherein the processor generates a header that identifies a first set of the packets containing data encrypted using a first encryption key and a second set of the packets containing data encrypted using a second encryption key.
30. A method for encrypting information, comprising:
programming a network processing device to associate different types of items in transactions with different security associations; processing various different transactions at the network processing device; correlating security associations with different data channels in the transactions; encrypting or decrypting the items in the transactions according to the corresponding security associations; separating items in the received transactions into channels associated with the different security associations; encoding the items in each channel into bit arrays; and encrypting or decrypting the bit arrays for each channel according to the associated encryption.
31. A method for encrypting information, comprising:
programming a network processing device to associate different types of items in transactions with different security associations; processing various different transactions at the network processing device; correlating security associations with different data channels in the transactions; encrypting or decrypting the items in the transactions according to the corresponding security associations; and configuring the network processing device with an encryption schema that associates different types of items in the transactions with the different security associations, the network processing device encrypting or decrypting items in various received or transmitted transactions according to the configured encryption schema.
Dependent claims: 32
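The following Go program is an added example, not code from the patent or from any product built on it. It models the scheme the independent claims describe: a control channel and a content channel in one transaction, each sealed under its own security association (claims 1, 10); an unencrypted header carrying the size of each encrypted group (claim 26); a transfer agent that opens only the control group, combines it with an unencrypted third portion to decide how to forward, re-encrypts control under the security association it shares with the next hop and passes the content bytes through unchanged (claims 16, 19, 24); and three pairwise keys, device/agent, agent/endpoint and device/endpoint (claim 23). Everything concrete is an assumption: the claims specify no cipher, header layout or key lengths, so AES-256-GCM, the 12-byte header, the channel ids, the names `SA`, `Relay`, `Demo` and the fixture keys derived from labels (standing in for negotiated keys) are choices made here for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// Channel ids; the encryption schema (claim 31) maps item types to channels.
const (
	chControl byte = 1 // point-to-point control data, rewritten at each hop
	chContent byte = 2 // end-to-end content, opaque to the transfer agent
)

// SA is a security association: an AES-256-GCM key plus a sequence counter
// used as the nonce (one SA per party pair and direction keeps it unique).
type SA struct {
	aead cipher.AEAD
	seq  uint64
}

// NewSA wraps a negotiated AES-256 key (claim 23); Demo passes fixture keys.
func NewSA(key [32]byte) *SA {
	blk, _ := aes.NewCipher(key[:]) // cannot fail for a 32-byte key
	aead, _ := cipher.NewGCM(blk)   // cannot fail for an AES block
	return &SA{aead: aead}
}

// Seal encrypts one data group; the channel id is bound as AAD so a group
// cannot be replayed into another channel.
func (s *SA) Seal(ch byte, pt []byte) []byte {
	s.seq++
	nonce := make([]byte, s.aead.NonceSize())
	binary.BigEndian.PutUint64(nonce[len(nonce)-8:], s.seq)
	return append(nonce, s.aead.Seal(nil, nonce, pt, []byte{ch})...)
}

func (s *SA) Open(ch byte, ct []byte) ([]byte, error) {
	if n := s.aead.NonceSize(); len(ct) >= n {
		return s.aead.Open(nil, ct[:n], ct[n:], []byte{ch})
	}
	return nil, errors.New("group too short")
}

// Wire format (claim 26): an unencrypted header of three uint32 group sizes,
// then the control, content and plain groups in that order.
type Transaction struct{ Control, Content, Plain []byte }

func Encode(t Transaction) []byte {
	out := make([]byte, 12)
	for i, g := range [][]byte{t.Control, t.Content, t.Plain} {
		binary.BigEndian.PutUint32(out[4*i:], uint32(len(g)))
		out = append(out, g...)
	}
	return out
}

// Decode bounds-checks every size: the header is unauthenticated input.
func Decode(w []byte) (t Transaction, err error) {
	if len(w) < 12 {
		return t, errors.New("short header")
	}
	rest := w[12:]
	for i, dst := range []*[]byte{&t.Control, &t.Content, &t.Plain} {
		n := binary.BigEndian.Uint32(w[4*i:])
		if uint64(n) > uint64(len(rest)) {
			return Transaction{}, errors.New("group size exceeds payload")
		}
		*dst, rest = rest[:n], rest[n:]
	}
	return t, nil
}

// Relay is the transfer agent (claims 16 and 19): it opens only the control
// group, decides from it plus the plain group, re-encrypts control under the
// next-hop SA and forwards the content group byte for byte.
func Relay(in, out *SA, wire []byte) (decision string, fwd []byte, err error) {
	t, err := Decode(wire)
	if err != nil {
		return "", nil, err
	}
	ctl, err := in.Open(chControl, t.Control)
	if err != nil {
		return "", nil, err
	}
	t.Control = out.Seal(chControl, ctl)
	return string(ctl) + ";" + string(t.Plain), Encode(t), nil
}

// Demo runs device -> agent -> endpoint over constructed sample items; it
// returns the agent's routing decision, the content the endpoint recovered
// and whether either of the agent's SAs could open the content group.
func Demo() (decision, content string, agentReadsContent bool, err error) {
	// Fixture keys stand in for the three pairwise negotiations of claim 23.
	devAgent := NewSA(sha256.Sum256([]byte("fixture:device-agent")))
	agentEnd := NewSA(sha256.Sum256([]byte("fixture:agent-endpoint")))
	devEnd := NewSA(sha256.Sum256([]byte("fixture:device-endpoint")))
	wire := Encode(Transaction{
		Control: devAgent.Seal(chControl, []byte("dest=endpoint-A;op=PUT")),
		Content: devEnd.Seal(chContent, []byte("confidential report body")),
		Plain:   []byte("priority=high"),
	})
	if decision, wire, err = Relay(devAgent, agentEnd, wire); err != nil {
		return
	}
	t, _ := Decode(wire) // the endpoint's view of the forwarded transaction
	_, l1 := devAgent.Open(chContent, t.Content) // the agent's two SAs cover
	_, l2 := agentEnd.Open(chContent, t.Content) // the control channel only
	body, err := devEnd.Open(chContent, t.Content)
	return decision, string(body), l1 == nil || l2 == nil, err
}
```

Two points the claims leave implicit show up in the code. The header sizes are sent in the clear and are not authenticated by either security association, so `Decode` bounds-checks them before slicing; a real implementation would also want the header covered by one of the authentication tags. And because each group is an independent ciphertext, something has to stop a group from being moved from one channel to another; here the channel id is authenticated as associated data, so a content group presented as control (or the reverse) fails to open. The content ciphertext the endpoint receives is the exact byte string the device produced: the agent never re-encodes it, which is what lets the device/endpoint key stay unknown to the agent.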